Headline
CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
Urgency REDUCED
Response Effort LOW
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity NONE
Product Availability NONE
Privileges Required HIGH
Subsequent Confidentiality HIGH
Subsequent Integrity NONE
Subsequent Availability NONE
Published 2023-12-13
Updated 2023-12-13
Reference PAN-193370
Discovered externally
Product Status
Versions         Affected        Unaffected
Cloud NGFW       None            All
PAN-OS 11.1      None            All
PAN-OS 11.0      < 11.0.1        >= 11.0.1
PAN-OS 10.2      < 10.2.4        >= 10.2.4
PAN-OS 10.1      < 10.1.9        >= 10.1.9
PAN-OS 10.0      < 10.0.12       >= 10.0.12
PAN-OS 9.1       < 9.1.16        >= 9.1.16
PAN-OS 9.0       < 9.0.17        >= 9.0.17
PAN-OS 8.1       < 8.1.24-h1     >= 8.1.24-h1
Prisma Access    None            All
Severity: MEDIUM
CVSSv4.0 Base Score: 6.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Green)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-701: Weakness Introduced During Design
Solution
This issue is fixed in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.
You should issue new credentials for the impacted external integrations after you upgrade your PAN-OS software to a fixed version to prevent the misuse of previously exposed credentials.
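As an added example, not part of this advisory or of Palo Alto Networks' own tooling, the following Python helper encodes the Product Status table above and classifies a PAN-OS version string as affected, fixed, or outside the advisory's scope, so an inventory can be triaged before the upgrade and credential rotation. The version grammar (major.minor.patch with an optional -hN hotfix suffix) is an assumption modelled on the 8.1.24-h1 entry, and the hostnames and versions in the test are constructed.

```python
import re

# Fixed releases from the advisory's Product Status table, keyed by release
# train: anything below the fix within that train is affected.
FIXED_RELEASES = {
    "8.1": "8.1.24-h1",
    "9.0": "9.0.17",
    "9.1": "9.1.16",
    "10.0": "10.0.12",
    "10.1": "10.1.9",
    "10.2": "10.2.4",
    "11.0": "11.0.1",
}
# Trains the table lists with no affected versions at all.
CLEAN_TRAINS = {"11.1"}
NEWEST_LISTED_TRAIN = (11, 1)

# Assumed version grammar: major.minor.patch with an optional -hN hotfix
# suffix (modelled on the 8.1.24-h1 entry); a missing hotfix sorts below -h1.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Turn '10.2.4-h2' into a comparable tuple (10, 2, 4, 2)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version):
    """True if affected, False if fixed, None if the advisory does not cover the train."""
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    if train in CLEAN_TRAINS or parsed[:2] > NEWEST_LISTED_TRAIN:
        # 11.1 and "all later PAN-OS versions" ship without the issue
        return False
    fix = FIXED_RELEASES.get(train)
    if fix is None:
        return None  # e.g. an end-of-life train the advisory does not mention
    return parsed < parse_version(fix)


def triage(inventory):
    """Map hostnames to 'affected' / 'fixed' / 'not covered' for a fleet listing."""
    labels = {True: "affected", False: "fixed", None: "not covered"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}
```

Hosts reported as "affected" are the ones whose external integration credentials (LDAP, SCP, RADIUS, TACACS+, SNMP) should be rotated once the upgrade is done.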
Workarounds and Mitigations
This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
Acknowledgments
Palo Alto Networks thanks Kajetan Rostojek for discovering and reporting this issue.
Timeline
2023-12-13 Initial publication